Lucene search

43 matches found

Tenable Nessus
added 2026/06/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily...

CVSS 5.3 | AI score 5.5 | EPSS 0.004
Exploits 0 | References 3

CVE
added 2026/06/04 2:38 p.m. | 18 views

CVE-2026-41178

CVE-2026-41178 affects OpenTelemetry-Go baggage parsing. The issue arises from removal of raw-length rejection in baggage header parsing, causing Parse to fully process very large or invalid baggage headers and log errors, enabling potential DoS via CPU/memory and log amplification. Concrete deta...

CVSS 5.3 | AI score 5.8 | EPSS 0.004
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2026/06/02 12:25 p.m. | 5 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via user-controlled models. An attacker can achieve arbitrary code execution by supplying...

CVSS 6.9 | AI score 6.2 | EPSS 0.00701
Exploits 0 | References 2

ATTACKERKB
added 2026/05/28 7:43 a.m. | 12 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVSS 4.3 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 11

EUVD
added 2026/05/28 7:43 a.m. | 5 views

EUVD-2026-32745

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVSS 4.3 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 10

Vulnrichment
added 2026/05/28 7:43 a.m. | 9 views

CVE-2026-9015 Equalize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification via edac_insert_ignore_data AJAX Action

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVSS 4.3 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 10

Patchstack
added 2026/05/27 6:52 p.m. | 7 views

WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Accessibility Issue Modification vulnerability discovered by w1zard in WordPress Plugin Accessibility Checker by Equalize Digital versions <= 1.42.0...

CVSS 4.3 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/04/08 9:17 p.m. | 0 views

UBUNTU-CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

CVSS 7.3 | AI score 5.8 | EPSS 0.00196
Exploits 1 | References 4

Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31450

Name of the Vulnerable Software and Affected Versions: OpenTelemetry-Go versions 1.15.0 through 1.42.0. Description: The fix for a previous issue changed the path used for one command but left another command vulnerable to a PATH hijacking attack on BSD and Solaris platforms. Specifically, the kenv...

CVSS 9.8 | AI score 7.4 | EPSS 0.00196
Exploits 1

NVD
added 2026/02/02 11:16 p.m. | 5 views

CVE-2025-6589

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...

CVSS 2.1 | EPSS 0.00429
Exploits 0 | References 1

OSV
added 2026/02/02 11:16 p.m. | 3 views

UBUNTU-CVE-2025-6589

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...

CVSS 2.1 | AI score 5.8 | EPSS 0.00429
Exploits 0 | References 5

ATTACKERKB
added 2026/02/02 11:3 p.m. | 5 views

CVE-2025-6589

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...

CVSS 2.1 | AI score 5.3 | EPSS 0.00429
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2026/02/02 12:0 a.m. | 3 views

MediaWiki Security Vulnerability

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. MediaWiki versions 1.42.0 and later contain security vulnerabilities, which stem...

CVSS 2.1 | AI score 5.8 | EPSS 0.00429
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 8:34 a.m. | 8 views

CVE-2024-41922

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 7.5 | AI score 6.7 | EPSS 0.07963
Exploits 1 | References 1

Tenable Nessus
added 2025/11/07 12:0 a.m. | 3 views

Fedora 43 : buildah (2025-8f97b687c8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8f97b687c8 advisory. Rebuild for security fixes in golang. ---- bump to v1.42.0 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-25425

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 6.5 | EPSS 0.00537
Exploits 0 | References 7

CBLMariner
added 2025/09/19 9:12 p.m. | 101 views

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7. A patched version of the package is available...

CVSS 7.5 | AI score 7.8 | EPSS 0.99999
Exploits 19

RedhatCVE
added 2025/08/23 2:30 p.m. | 3 views

CVE-2025-34158

Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

CVSS 8.5 | AI score 6.8 | EPSS 0.00537
Exploits 0 | References 1

OpenVAS
added 2025/08/22 12:0 a.m. | 2 views

Plex Media Server 1.41.7.x - 1.42.0.x Resource Transfer Vulnerability

Plex Media Server is prone to an incorrect resource transfer vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 8.5 | AI score 6.8 | EPSS 0.00537
Exploits 0 | References 2

NVD
added 2025/08/21 2:15 p.m. | 3 views

CVE-2025-34158

Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

CVSS 8.5 | EPSS 0.00537
Exploits 0 | References 8